| Vigil@nce team describes computer vulnerabilities impacting your systems, and offers solutions to correct them. |
|
 |
|
|
|
vulnerability note CVE-2010-0409
GNOME: buffer overflow of gmime
Synthesis of the vulnerability
| An attacker can use long data, in order to generate an overflow when they are encoded with UUencode by gmime. |
Severity: 2/4.
Creation date: 05/02/2010.
|
Description of the vulnerability
The GNOME gmime library handles various MIME sections encodings:
- quoted printable
- base64
- UUencode
The GMIME_UUENCODE_LEN() macro defines the size of data encoded by UUencode. However, the value returned by this macro is too short of two bytes.
An attacker can therefore use long data, in order to generate an overflow when they are encoded with UUencode by gmime, leading to a denial of service and possibly to code execution. |
Complete Vigil@nce bulletin
Characteristics
Title: GNOME: buffer overflow of gmime.
Keywords: GMIME_UUENCODE_LEN GNOME MIME UUencode base64 buffer gmime overflow.
Identifiers: BID-38078, CVE-2010-0409, DSA 2082-1, FEDORA-2010-1429, FEDORA-2010-1484, SUSE-SR:2010:006, VIGILANCE-VUL-9409.
|
Information sources
Solutions for this vulnerability
Computer vulnerabilities tracking service
The Vigil@nce computer vulnerability tracking service alerts your teams of vulnerabilities or threats impacting your information system.
The Vigil@nce vulnerability database contains several thousand vulnerabilities.
This bulletin is published by the Vigil@nce team, which tracks computer vulnerabilities impacting systems and applications.
Systems vulnerabilities
|
